Or. Admin. Code § 333-125-0120

Current through Register Vol. 63, No. 12, December 1, 2024
Section 333-125-0120 - Physical Protection Requirements During Use: Security Program, Protection of Information
(1) Licensees authorized to possess category 1 or category 2 quantities of radioactive material shall secure from public disclosure and limit access to their security plan and implementation procedures, and the list of individuals that have been approved for unescorted access.
(2) Efforts to limit access shall include the development, implementation, and maintenance of written policies and procedures for controlling access to, and for proper handling and protection against unauthorized disclosure of the security plan implementation procedures, and the list of individuals that have been approved for unescorted access.
(3) Before granting an individual access to the security plan, implementation procedures, or the list of individuals that have been approved for unescorted access, the licensee shall:
(a) Evaluate an individual's need to know of the security plan, implementation procedures, or the list of individuals that have been approved for unescorted access; and
(b) If the individual has not been authorized for unescorted access to category 1 or category 2 quantities of radioactive material, safeguards information, or safeguards information-modified handling, the licensee must complete a background investigation to determine the individual's trustworthiness and reliability. A trustworthiness and reliability determination shall be conducted by the reviewing official and shall include the background investigation elements contained in OAR 333-125-0060(2)(b) through (2)(e)(B).
(4) Licensees need not subject the following individuals to the background investigation elements for protection of information:
(a) The categories of individuals listed in OAR 333-125-0085(1)(a) through (m); or
(b) Security service provider employees, provided written verification that the employee has been determined to be trustworthy and reliable, by the required background investigation in OAR 333-125-0060(2)(b) through (2)(e)(B) has been provided by the security service provider.
(5) The licensee shall document the basis for concluding that an individual is trustworthy and reliable and allowed access to the security plan, implementation procedures, or the list of individuals that have been approved for unescorted access.
(6) Licensees shall maintain a list of persons currently approved for access to the security, implementation procedures, or the list of individuals that have been approved for unescorted access. When a licensee determines that a person no longer needs access to the security plan, implementation procedures, or the list of individuals that have been approved for unescorted access, or no longer meets the access authorization requirements for access to the information, the licensee shall remove the person from the approved list as soon as possible, but no later than seven working days, and take prompt measures to ensure that the individual is unable to obtain the security plan, implementation procedures, or the list of individuals that have been approved for unescorted access.
(7) When not in use, the licensee shall store its security plan, implementation procedures, and the list of individuals that have been approved for unescorted access in a manner to prevent unauthorized access. Information stored in non-removable electronic form must be password protected.
(8) The licensee shall retain as a record for three years after the document is no longer needed:
(a) A copy of the information protection procedures; and
(b) The list of individuals approved for access to the security plan, implementing procedures, and the list of individuals approved for access to the security plan.

Or. Admin. Code § 333-125-0120

PH 19-2015, f. 9-30-15, cert. ef. 10/1/2015; PH 25-2016, f. 8-26-16, cert. ef. 9/1/2016; PH 4-2017, f. 1-26-17, cert. ef. 2/1/2017; PH 12-2017, amend filed 10/25/2017, effective10/25/2017; PH 3-2023, amend filed 01/17/2023, effective 1/18/2023

Statutory/Other Authority: ORS 453.635

Statutes/Other Implemented: ORS 453.635